Privacy Policy

As of February 17, 2026

1. Responsible person

The entity responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Nematullah Popalzai (Airnetly)
Lehrhöfer Heide 5
63457 Hanau
Germany
Email: support@airnetly.com

2. Hosting & Platform (Shopify)

Our website is based on the Shopify e-commerce platform. Your data is processed on Shopify's servers. Shopify provides us with the infrastructure for the online store, the database, and the sending of transactional emails.

Service provider: Shopify International Ltd., Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest) and Art. 6 para. 1 lit. b GDPR (performance of a contract).

3. Purposes and legal bases of processing

A. Contract execution & eSIM provisioning

We process your data (name, email, billing address, order details) in order to process your order and provide you with the eSIM QR code (Art. 6 para. 1 lit. b GDPR).

B. Customer communication

We use your email address to send you important information about your order (Art. 6 para. 1 lit. b GDPR).

C. Legal obligations (accounting)

We are legally obliged to store invoice data for 10 years (§ 147 AO; Art. 6 para. 1 lit. c GDPR).

D. Security & Fraud Prevention

Use of data (e.g. IP address) for the detection of fraudulent transactions (Art. 6 para. 1 lit. f GDPR).

4. Recipients and third-party services

We only share data with third parties if this is technically necessary:

  • Shopify (platform): Hosting and customer management.
  • Stripe / Shopify Payments: Payment processing. Bank details are processed directly there.
  • eSIM technology partner: Technical data will be transmitted to generate your eSIM.
  • Google / Meta: Only with explicit consent in the cookie banner.

5. Data transfer to third countries

Data may be transferred to countries outside the EU (Canada, USA). Canada has an adequacy decision. In the USA, we use providers that operate on the basis of the EU-US Data Privacy Framework or standard contractual clauses.

6. Storage duration

We delete data as soon as the purpose for which it was collected no longer applies:

  • Contract details: 10 years (tax obligation).
  • Shopping carts: These are usually cleaned up after 14-30 days.

7. Rights of data subjects

You have the right to:

  • Right of access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Right to object (Art. 21 GDPR)
  • Data portability (Art. 20 GDPR)

Contact: support@airnetly.com

8. Cookies and Analytics

Technically necessary cookies: Required for the operation of the shop (§ 25 para. 2 no. 2 TTDSG).

Analytics (Google Analytics 4): Only with your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time in the footer.

9. Safety

Data traffic is encrypted via SSL/TLS. Shopify is PCI DSS Level 1 certified to guarantee the highest level of payment security.

© 2026 Airnetly. All rights reserved.